Evidence-Based Information Security Management

In this course you will master the design and operation of information security processes with metrics and you will be able to represent this metrics in compact and engaging dashboards or reports. You will learn what is a measurement, how your choice of a model influences what gets measured, what is the relationship between security activity and business goals, and how to use reports in a way that leads to understanding the security posture of the organisation and drive the right decisions. This course is for experienced information security managers to want to move their ISMS beyond simple Compliance.

If you want to avoid the following ISMS common failings, then this course is for you:

1. When specific people go on leave or get sick, performance is affected.

2. Audits are painful and it takes a significant effort to pass successfully.

3. Changes in the ways things are done are difficult and slow to implement.

4. The same errors are made over and over again.

5. More than 20% of the time of the team is used trying to determine what to do or how to do it.

6. It is no infrequent to enter discussions with other teams about who is responsible for what.

7. The available Metrics do not reflect the performance of the team or the level of security.

8. Magic bullets are tried by management on a monthly basis and forgotten shortly after.

9. New ticketing software was supposed to solve all management issues. Instead, it has introduced issues of its own.

10. Your ISMS is certified, but you are conscious that this wouldn't prevent a serious incident from happening.